Skip to content

SQL Injection Vulnerability in PostgreSQL Driver #120

New issue
New issue
Open
Open
SQL Injection Vulnerability in PostgreSQL Driver#120
@BenMacha

Description

@BenMacha
BenMacha
opened on Aug 27, 2025

Bug Report

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? needs verification
Licence Apache-2.0

Critical Issues

SQL Injection Vulnerability in PostgreSQL Driver

File: /src/Ting/Driver/Pgsql/Driver.php
Line: 443
Severity: HIGH

$sql = "SELECT currval('$sequenceName')";

Issue: Direct string interpolation of $sequenceName parameter into SQL query without proper escaping or parameterization. This creates a potential SQL injection vulnerability.

Impact: An attacker could potentially execute arbitrary SQL commands if they can control the sequence name parameter.

Recommendation: Use parameterized queries or proper escaping:

$sql = "SELECT currval($1)";
$resultResource = @pg_query_params($this->connection, $sql, [$sequenceName]);

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions